package org.openrewrite.java.security.spring;

import java.util.Iterator;
import java.util.List;
import org.openrewrite.ExecutionContext;
import org.openrewrite.Option;
import org.openrewrite.Recipe;
import org.openrewrite.SourceFile;
import org.openrewrite.TreeVisitor;
import org.openrewrite.internal.lang.Nullable;
import org.openrewrite.java.JavaParser;
import org.openrewrite.java.JavaTemplate;
import org.openrewrite.java.JavaVisitor;
import org.openrewrite.java.MethodMatcher;
import org.openrewrite.java.search.HasTypeOnClasspathSourceSet;
import org.openrewrite.java.tree.J;
import org.openrewrite.java.tree.JavaType;

/* loaded from: input_file:org/openrewrite/java/security/spring/PreventClickjacking.class */
public final class PreventClickjacking extends Recipe {

    @Option(displayName = "Only if security configuration exists", description = "Only patch existing implementations of `WebSecurityConfigurerAdapter`.", required = false)
    @Nullable
    private final Boolean onlyIfSecurityConfig;
    private static final MethodMatcher FRAME_OPTIONS = new MethodMatcher("org.springframework.security.config.annotation.web.configurers.HeadersConfigurer frameOptions()");

    public String getDisplayName() {
        return "Prevent clickjacking";
    }

    public String getDescription() {
        return "The `frame-ancestors` directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a `<frame>` or `<iframe>`. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.";
    }

    protected TreeVisitor<?, ExecutionContext> getApplicableTest() {
        return new HasTypeOnClasspathSourceSet("org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter");
    }

    protected List<SourceFile> visit(List<SourceFile> list, ExecutionContext executionContext) {
        return new GenerateWebSecurityConfigurerAdapter(Boolean.TRUE.equals(this.onlyIfSecurityConfig), new JavaVisitor<ExecutionContext>() { // from class: org.openrewrite.java.security.spring.PreventClickjacking.1
            public J visitBlock(J.Block block, ExecutionContext executionContext2) {
                Iterator it = ((J.CompilationUnit) getCursor().firstEnclosingOrThrow(J.CompilationUnit.class)).getTypesInUse().iterator();
                while (it.hasNext()) {
                    if (PreventClickjacking.FRAME_OPTIONS.matches((JavaType) it.next())) {
                        return block;
                    }
                }
                return block.withTemplate(JavaTemplate.builder(this::getCursor, "http.headers().frameOptions().deny();").javaParser(() -> {
                    return JavaParser.fromJavaVersion().classpath(new String[]{"spring-security-config", "spring-context", "jakarta.servlet-api"}).build();
                }).build(), block.getCoordinates().lastStatement(), new Object[0]);
            }
        }).maybeAddConfiguration(list, executionContext);
    }

    public PreventClickjacking(Boolean bool) {
        this.onlyIfSecurityConfig = bool;
    }

    public Boolean getOnlyIfSecurityConfig() {
        return this.onlyIfSecurityConfig;
    }

    public String toString() {
        return "PreventClickjacking(onlyIfSecurityConfig=" + getOnlyIfSecurityConfig() + ")";
    }

    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof PreventClickjacking)) {
            return false;
        }
        PreventClickjacking preventClickjacking = (PreventClickjacking) obj;
        if (!preventClickjacking.canEqual(this) || !super.equals(obj)) {
            return false;
        }
        Boolean onlyIfSecurityConfig = getOnlyIfSecurityConfig();
        Boolean onlyIfSecurityConfig2 = preventClickjacking.getOnlyIfSecurityConfig();
        return onlyIfSecurityConfig == null ? onlyIfSecurityConfig2 == null : onlyIfSecurityConfig.equals(onlyIfSecurityConfig2);
    }

    protected boolean canEqual(Object obj) {
        return obj instanceof PreventClickjacking;
    }

    public int hashCode() {
        int hashCode = super.hashCode();
        Boolean onlyIfSecurityConfig = getOnlyIfSecurityConfig();
        return (hashCode * 59) + (onlyIfSecurityConfig == null ? 43 : onlyIfSecurityConfig.hashCode());
    }
}
